From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 247952] ipfilter ipfstat -nhio6 show different results than -nhio
Date: Mon, 13 Jul 2020 14:55:02 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247952

            Bug ID: 247952
           Summary: ipfilter ipfstat -nhio6 show different results than -nhio
           Product: Base System
           Version: 12.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: joeb1@a1poweruser.com

ipfilter ipf command was changed a long time ago to no longer require 1 rules
file for ipv4 and another rules file for ipv6. Both were combined into a single
rules file. Seems this change was not also done to the ipfstat command.

Running 12.1 RELEASE on real hardware.

>cat /etc/ipf.rules
pass out quick on em0 all
pass in quick on em0 all
pass out quick on bridge0 all
pass in quick on bridge0 all
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick on re0 proto tcp/udp from any to any port = 53 keep state
pass out quick on re0 proto udp from any to any port = 67 keep state
pass out log quick on re0 proto icmp from any to any keep state
pass out log quick on re0 proto ipv6-icmp from any to any
pass out quick on re0 proto tcp from any to any port = 43 flags S keep state
block out quick on re0 all
block in quick on re0 proto icmp all
pass in log quick family inet6 proto ipv6-icmp all
block in quick on re0 all

>ipfstat -nhoi
0 @1 pass out quick on em0 all
232 @2 pass out quick on bridge0 all
0 @3 pass out quick on lo0 all
7 @4 pass out quick on re0 proto tcp/udp from any to any port = domain keep state
0 @5 pass out quick on re0 proto udp from any to any port = bootps keep state
0 @6 pass out log quick on re0 proto icmp from any to any keep state
1 @7 pass out log quick on re0 proto ipv6-icmp from any to any
0 @8 pass out quick on re0 proto tcp from any to any port = nicname flags S/FSRPAU keep state
45 @9 block out quick on re0 all
25 @1 pass in quick on em0 all
234 @2 pass in quick on bridge0 all
0 @3 pass in quick on lo0 all
0 @4 block in quick on re0 proto icmp from any to any
48 @5 block in quick on re0 all

>ipfstat -nhoi6
0 @1 pass out quick on em0 all
234 @2 pass out quick on bridge0 all
0 @3 pass out quick on lo0 all
7 @4 pass out quick on re0 proto tcp/udp from any to any port = domain keep state
0 @5 pass out quick on re0 proto udp from any to any port = bootps keep state
0 @6 pass out log quick on re0 proto icmp from any to any keep state
1 @7 pass out log quick on re0 proto ipv6-icmp from any to any
0 @8 pass out quick on re0 proto tcp from any to any port = nicname flags S/FSRPAU keep state
45 @9 block out quick on re0 all
25 @1 pass in quick on em0 all
236 @2 pass in quick on bridge0 all
0 @3 pass in quick on lo0 all
0 @4 block in quick on re0 proto icmp from any to any
469 @5 pass in log quick inet6 proto ipv6-icmp from any to any
49 @6 block in quick on re0 all

>cat /var/log/security
@0:5 p fe80::201:5cff:fe9d:1846 -> ff02::1 PR icmpv6 len 40 56 icmpv6 routeradvert/0 IN multicast
@0:5 p fe80::201:5cff:fe9d:1846 -> ff02::1 PR icmpv6 len 40 72 icmpv6 neighborsolicit/0 IN multicast
@0:5 p fe80::201:5cff:fe9d:1846 -> ff02::1 PR icmpv6 len 40 56 icmpv6 routeradvert/0 IN multicast
@0:5 p fe80::201:5cff:fe9d:1846 -> ff02::1 PR icmpv6 len 40 72 icmpv6 neighborsolicit/0 IN multicast
@0:5 p fe80::201:5cff:fe9d:1846 -> ff02::1 PR icmpv6 len 40 56 icmpv6 routeradvert/0 IN multicast
@0:5 p fe80::201:5cff:fe9d:1846 -> ff02::1 PR icmpv6 len 40 56 icmpv6 routeradvert/0 IN multicast
snip

Rule #5 is missing from the -nhoi listing but is present in the -nhoi6 list.
This is an error. The -6 flag should be removed as obsolete and the listing show
all the ipv4 & ipv6 rules in a single list.
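Added example (not part of the original report, and not FreeBSD project code): a Python check that diffs the two `ipfstat` listings, using the inbound rules quoted in the report as constructed sample input. The function names are hypothetical; it reports rules visible under only one flag and rules whose number shifts between listings, which matters when matching the `@0:5` log entries to a rule.

```python
import re

# Constructed sample input: the inbound portion of the two listings quoted in
# the report (hit counts and rule numbers as posted).
V4_LISTING = """\
25 @1 pass in quick on em0 all
234 @2 pass in quick on bridge0 all
0 @3 pass in quick on lo0 all
0 @4 block in quick on re0 proto icmp from any to any
48 @5 block in quick on re0 all
"""
V6_LISTING = """\
25 @1 pass in quick on em0 all
236 @2 pass in quick on bridge0 all
0 @3 pass in quick on lo0 all
0 @4 block in quick on re0 proto icmp from any to any
469 @5 pass in log quick inet6 proto ipv6-icmp from any to any
49 @6 block in quick on re0 all
"""

# "<hits> @<number> <rule text>", the line shape shown in the report.
LINE = re.compile(r"^\s*(\d+)\s+@(\d+)\s+(\S.*?)\s*$")


def parse_listing(text):
    """Map rule text -> (rule number, hit count) for `ipfstat -nh` style lines."""
    rules = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            hits, number, rule = m.groups()
            # Identical rule text listed twice collapses; the first entry wins.
            rules.setdefault(rule, (int(number), int(hits)))
    return rules


def compare(v4_text, v6_text):
    """Return rules missing from either listing and rules whose number differs."""
    v4, v6 = parse_listing(v4_text), parse_listing(v6_text)
    only_v4 = sorted(r for r in v4 if r not in v6)
    only_v6 = sorted(r for r in v6 if r not in v4)
    renumbered = {r: (v4[r][0], v6[r][0])
                  for r in v4 if r in v6 and v4[r][0] != v6[r][0]}
    return only_v4, only_v6, renumbered


if __name__ == "__main__":
    only_v4, only_v6, renumbered = compare(V4_LISTING, V6_LISTING)
    print("only in default listing:", only_v4)
    print("only in -6 listing:", only_v6)
    print("renumbered (default, -6):", renumbered)
```

On the sample data, rule 5 of the default listing is a block rule while rule 5 of the `-6` listing is the logged IPv6 pass rule, so the same rule number names different rules depending on which flag was used.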